diff --git a/CHANGES/1537.removal b/CHANGES/1537.removal new file mode 100644 index 000000000..8b5118ed8 --- /dev/null +++ b/CHANGES/1537.removal @@ -0,0 +1 @@ +Removed the deprecated `ADDITIONAL_OCI_ARTIFACT_TYPES` setting. diff --git a/docs/workflows/index.rst b/docs/workflows/index.rst index dbb9101eb..241e040a3 100644 --- a/docs/workflows/index.rst +++ b/docs/workflows/index.rst @@ -77,5 +77,4 @@ OCI artifact support cosign-support helm-support - oci-artifacts flatpak-support diff --git a/docs/workflows/oci-artifacts.rst b/docs/workflows/oci-artifacts.rst deleted file mode 100644 index 9374d1eeb..000000000 --- a/docs/workflows/oci-artifacts.rst +++ /dev/null @@ -1,60 +0,0 @@ -Managing additional OCI media types -=================================== - -.. _default-oci-types: - -By default the following list of media types is enabled in the Container Registry:: - - * OCI images - * Helm - * Cosign, SBOMs, attestations - * Source containers - * Singularity - * Conftest policies - * WASM - -.. note:: - - The ``ADDITIONAL_OCI_ARTIFACT_TYPES`` is deprecated and will be removed in a future release. - Since the validation of media types is not part of the OCI standard and new types keep being - added we decided to deprecate this configuration. - -For any other OCI media type that is not supported by default, you can add them to the -``ADDITIONAL_OCI_ARTIFACT_TYPES`` setting using the following format:: - - ADDITIONAL_OCI_ARTIFACT_TYPES = { - "": [ - "", - "", - ], - "": [ - "", - "", - ], - } - - -For example, you can add support for custom defined mediatype by adding the following to your -``ADDITIONAL_OCI_ARTIFACT_TYPES`` setting:: - - ADDITIONAL_OCI_ARTIFACT_TYPES = { - "": [ - "", - "", - ], - "": [ - "", - "", - ], - "application/vnd.guardians.groot.config.v1+json": [ - "text/plain", - "application/vnd.guardians.groot.docs.layer.v1+tar", - ], - } - - .. note:: - -When adding OCI media types that are not configured by default, it is necessary then to manually add -the :ref:`Default oci types` to the list. -The OCI image-spec types are supported by default, they are built-in and cannot be disabled, it is -not necessary to add them manually to the list. diff --git a/pulp_container/app/__init__.py b/pulp_container/app/__init__.py index 9f5456a75..16ee11ba4 100644 --- a/pulp_container/app/__init__.py +++ b/pulp_container/app/__init__.py @@ -11,12 +11,3 @@ class PulpContainerPluginAppConfig(PulpPluginAppConfig): def ready(self): super().ready() - self.register_registry_types() - - def register_registry_types(self): - # circular import avoidance - from pulp_container import constants - from django.conf import settings - - for media_type, layer_types in settings.ADDITIONAL_OCI_ARTIFACT_TYPES.items(): - constants.register_well_known_types(media_type, layer_types) diff --git a/pulp_container/app/settings.py b/pulp_container/app/settings.py index 583216689..48e745184 100644 --- a/pulp_container/app/settings.py +++ b/pulp_container/app/settings.py @@ -3,50 +3,6 @@ "reusable_conditions": ["pulp_container.app.global_access_conditions"], } -ADDITIONAL_OCI_ARTIFACT_TYPES = { - "application/vnd.oci.image.config.v1+json": [ - # cosign signing and attestations - "application/vnd.dev.cosign.simplesigning.v1+json", - "application/vnd.dsse.envelope.v1+json", - # cosign SBOMS spdx and cyclonedx - "text/spdx", - "text/spdx+xml", - "text/spdx+json", - "application/vnd.cyclonedx", - "application/vnd.cyclonedx+xml", - "application/vnd.cyclonedx+json", - # syft SBOMS - "application/vnd.syft+json", - # cosign in-toto attestations - "application/vnd.in-toto+json", - ], - # helm - "application/vnd.cncf.helm.config.v1+json": [ - "application/tar+gzip", - "application/vnd.cncf.helm.chart.content.v1.tar+gzip", - "application/vnd.cncf.helm.chart.provenance.v1.prov", - ], - # source containers - "application/vnd.oci.source.image.config.v1+json": [ - "application/vnd.oci.image.layer.v1.tar+gzip", - ], - # conftest policies - "application/vnd.cncf.openpolicyagent.config.v1+json": [ - "application/vnd.cncf.openpolicyagent.policy.layer.v1+rego", - "application/vnd.cncf.openpolicyagent.data.layer.v1+json", - "application/vnd.cncf.openpolicyagent.manifest.layer.v1+json", - "application/vnd.cncf.openpolicyagent.rego.layer.v1+rego", - ], - # singularity - "application/vnd.sylabs.sif.config.v1+json": [ - "application/vnd.sylabs.sif.layer.v1.sif", - ], - # wasm - "application/vnd.wasm.config.v1+json": [ - "application/vnd.wasm.content.layer.v1+wasm", - ], -} - FLATPAK_INDEX = False # The number of allowed threads to sign manifests in parallel diff --git a/pulp_container/app/utils.py b/pulp_container/app/utils.py index 06834c02a..0fa6f40a9 100644 --- a/pulp_container/app/utils.py +++ b/pulp_container/app/utils.py @@ -15,7 +15,7 @@ from pulpcore.plugin.models import Artifact, Task -from pulp_container.constants import ALLOWED_ARTIFACT_TYPES, MANIFEST_MEDIA_TYPES, MEDIA_TYPE +from pulp_container.constants import MANIFEST_MEDIA_TYPES, MEDIA_TYPE from pulp_container.app.exceptions import ManifestInvalid from pulp_container.app.json_schemas import ( OCI_INDEX_SCHEMA, @@ -177,10 +177,10 @@ def determine_media_type_from_json(content_data): else: if config := content_data.get("config"): config_media_type = config.get("mediaType") - if config_media_type in ALLOWED_ARTIFACT_TYPES: - return MEDIA_TYPE.MANIFEST_OCI - else: + if config_media_type == MEDIA_TYPE.CONFIG_BLOB: return MEDIA_TYPE.MANIFEST_V2 + else: + return MEDIA_TYPE.MANIFEST_OCI else: return MEDIA_TYPE.MANIFEST_V1 diff --git a/pulp_container/constants.py b/pulp_container/constants.py index 98a3cecbe..8d6463481 100644 --- a/pulp_container/constants.py +++ b/pulp_container/constants.py @@ -71,16 +71,3 @@ SIGNATURE_PAYLOAD_MAX_SIZE = 4 * MEGABYTE SIGNATURE_API_EXTENSION_VERSION = 2 - - -ALLOWED_ARTIFACT_TYPES = [MEDIA_TYPE.CONFIG_BLOB_OCI, MEDIA_TYPE.OCI_EMPTY_JSON] -ALLOWED_BLOB_CONTENT_TYPES = OCI_BLOB_MEDIA_TYPE - - -def register_well_known_types(artifact_config_type, artifact_layer_types): - if artifact_config_type not in ALLOWED_ARTIFACT_TYPES: - ALLOWED_ARTIFACT_TYPES.append(artifact_config_type) - - for layer_type in artifact_layer_types: - if layer_type not in ALLOWED_BLOB_CONTENT_TYPES: - ALLOWED_BLOB_CONTENT_TYPES.append(layer_type) diff --git a/staging_docs/admin/guides/change-allowed-artifacts.md b/staging_docs/admin/guides/change-allowed-artifacts.md deleted file mode 100644 index 7faaa8999..000000000 --- a/staging_docs/admin/guides/change-allowed-artifacts.md +++ /dev/null @@ -1,61 +0,0 @@ -# Configure Supported OCI Types - -By default, the following list of media types is enabled in the Container Registry: - -* OCI images -* Helm -* Cosign, SBOMs, attestations -* Source containers -* Singularity -* Conftest policies -* WASM - -!!! note - - The `ADDITIONAL_OCI_ARTIFACT_TYPES` is deprecated and will be removed in a future release. - Since the validation of media types is not part of the OCI standard and new types keep being - added we decided to deprecate this configuration. - -For any other OCI media type that is not supported by default, you can add them to the -`ADDITIONAL_OCI_ARTIFACT_TYPES` setting using the following format: - -``` -ADDITIONAL_OCI_ARTIFACT_TYPES = { - "": [ - "", - "", - ], - "": [ - "", - "", - ], -} -``` - -For example, you can add support for custom defined mediatype by adding the following to your -`ADDITIONAL_OCI_ARTIFACT_TYPES` setting: - -``` -ADDITIONAL_OCI_ARTIFACT_TYPES = { - "": [ - "", - "", - ], - "": [ - "", - "", - ], - "application/vnd.guardians.groot.config.v1+json": [ - "text/plain", - "application/vnd.guardians.groot.docs.layer.v1+tar", - ], -} - -``` - -!!! note - - When adding OCI media types that are not configured by default, it is necessary then to manually add - the `Default oci types` to the list. - The OCI image-spec types are supported by default, they are built-in and cannot be disabled, it is - not necessary to add them manually to the list.